What I did:
- created request file (with exportable keys) with CertReq.exe
- added the cert as MSSQLServer Service user in cert. store
- exported the cert (and key) and inserted in the second node
- added the thumbprint to the registry
- restarted mssqlservice and tested to move the nodes -> OK

I'm now not able to test the SSL communication by enabling the client-side "force encryption".
I get "SSL Security error" on the client.

Any kick in the right direction is highly appreciated!
TIA
Dan Ackermann

Hi all,
The problem was that our CA could not issue two certificates (2 nodes) for the same FQDN. (Don't know if this is possible with other (Microsoft) CAs).
I had to install the same certificate on both nodes.

That's how I did it:
- request the certificate on one node (request needs to be formulated with exportable keys and that's only possible with the utility CertReq.exe)
- install the certificate on one node
- export the certificate (with keys)
- and import it on the 2nd node.
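
The request, export and import sequence from the post above, as an added PowerShell example that is not part of the original thread. The FQDN, working directory, file names and the use of the local machine store are assumptions (the post placed the certificate in the SQL Server service account's store); the registry thumbprint step is left out because the post does not name the key.

```powershell
# Added example. Placeholders (assumptions): FQDN, paths, LocalMachine store.
$fqdn = 'sqlcluster.example.com'   # name clients use for the clustered instance
$work = 'C:\certwork'              # scratch directory, restrict its ACL

# Node 1: request file with an exportable private key.
# OID 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
Exportable = TRUE
MachineKeySet = TRUE
KeySpec = 1
KeyLength = 2048
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path "$work\sql.inf" -Encoding ASCII

certreq.exe -new "$work\sql.inf" "$work\sql.req"
# Submit sql.req to the CA, save the issued certificate as sql.cer, then:
certreq.exe -accept "$work\sql.cer"

# Node 1: export certificate and key to a password-protected PFX
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$fqdn*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$pw = Read-Host -AsSecureString 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath "$work\sql.pfx" -Password $pw

# Node 2: import (the key stays non-exportable unless -Exportable is given),
# then delete the PFX so the private key does not linger on disk
$pw = Read-Host -AsSecureString 'PFX password'
Import-PfxCertificate -FilePath "$work\sql.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $pw
Remove-Item "$work\sql.pfx"

# Both nodes: the thumbprint must be identical and the private key present
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=$fqdn*" } |
    Select-Object Thumbprint, HasPrivateKey, NotAfter
```

With the machine store, the SQL Server service account also needs read access to the private key on each node.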